<!doctype html><!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="en-us" > <![endif]--><!--[if IE 7]>    <html class="no-js lt-ie9 lt-ie8" lang="en-us" >        <![endif]--><!--[if IE 8]>    <html class="no-js lt-ie9" lang="en-us" >               <![endif]--><!--[if gt IE 8]><!--><html class="no-js" lang="en-us"><!--<![endif]--><head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="author" content="Sonatype Security Research Team">
    <meta name="description" content="Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.">
    <meta name="generator" content="HubSpot">
    <title>Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices</title>
    <link rel="shortcut icon" href="https://blog.sonatype.com/hubfs/SON_logo_favicon.png">
    

    <script src="/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js"></script>
<script>hsjQuery = window['jQuery'];</script>
    <meta property="og:description" content="Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.">
    <meta property="og:title" content="Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices">
    <meta name="twitter:description" content="Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month.">
    <meta name="twitter:title" content="Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices">

    

    

    <style>
a.cta_button{-moz-box-sizing:content-box !important;-webkit-box-sizing:content-box !important;box-sizing:content-box !important;vertical-align:middle}.hs-breadcrumb-menu{list-style-type:none;margin:0px 0px 0px 0px;padding:0px 0px 0px 0px}.hs-breadcrumb-menu-item{float:left;padding:10px 0px 10px 10px}.hs-breadcrumb-menu-divider:before{content:'›';padding-left:10px}.hs-featured-image-link{border:0}.hs-featured-image{float:right;margin:0 0 20px 20px;max-width:50%}@media (max-width: 568px){.hs-featured-image{float:none;margin:0;width:100%;max-width:100%}}.hs-screen-reader-text{clip:rect(1px, 1px, 1px, 1px);height:1px;overflow:hidden;position:absolute !important;width:1px}
</style>

<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130479/1630541070337/module_40666130479_Mega_Menu_Module_Jan_2021_NEW_MEGA.min.css">
<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1638830373102/module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.css">
<link rel="stylesheet" href="/hs/hsstatic/AsyncSupport/static-1.122/sass/comments_listing_asset.css" />
    


    

<meta name="viewport" content="width=device-width, initial-scale=1">
<script type="text/javascript" src="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3937994511/1591984849376/In_Use/In_Use_JS/Form-quality-check.min.js"></script>

<!-- Add fancybox support -->

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/lib/jquery.mousewheel-3.0.6.pack.js"></script>

<link rel="stylesheet" href="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.css?v=2.1.5" type="text/css" media="screen">
<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>

<!-- Optionally add helpers - button, thumbnail and/or media -->

<link rel="stylesheet" href="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.css?v=1.0.5" type="text/css" media="screen">

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5"></script>

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.6"></script>

<link rel="stylesheet" href="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.css?v=1.0.7" type="text/css" media="screen">

<script type="text/javascript" src="https://blog.sonatype.com/hubfs/Plugins/fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7"></script>

<script type="text/javascript">
    $(document).ready(function() {
        $('.fancybox')
            .fancybox({
                openEffect : 'none',
                closeEffect : 'none',
                prevEffect : 'none',
                nextEffect : 'none',

                arrows : false,
                helpers : {
                    media : {},
                    buttons : {}
                }
            });
});
</script>
<meta name="google-site-verification" content="YwJUaTig7dTU7VWHgOIGs-O5zEmCFqLjIC4hFfkLAyA">
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-TT8R4P');</script>
<!-- End Google Tag Manager -->
<script src="https://use.fonticons.com/cae69742.js"></script>

<!-- Start of Async Drift Code -->
<script>
"use strict";

!function() {
  var t = window.driftt = window.drift = window.driftt || [];
  if (!t.init) {
    if (t.invoked) return void (window.console && console.error && console.error("Drift snippet included twice."));
    t.invoked = !0, t.methods = [ "identify", "config", "track", "reset", "debug", "show", "ping", "page", "hide", "off", "on" ], 
    t.factory = function(e) {
      return function() {
        var n = Array.prototype.slice.call(arguments);
        return n.unshift(e), t.push(n), t;
      };
    }, t.methods.forEach(function(e) {
      t[e] = t.factory(e);
    }), t.load = function(t) {
      var e = 3e5, n = Math.ceil(new Date() / e) * e, o = document.createElement("script");
      o.type = "text/javascript", o.async = !0, o.crossorigin = "anonymous", o.src = "https://js.driftt.com/include/" + n + "/" + t + ".js";
      var i = document.getElementsByTagName("script")[0];
      i.parentNode.insertBefore(o, i);
    };
  }
}();
drift.SNIPPET_VERSION = '0.3.1';
drift.load('99hz8ezzd9gu');
</script>

<!-- End of Async Drift Code -->

<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="9958dd21-8504-4dbf-8e2f-e736792a6843" type="text/javascript" async></script>

<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-137036301-1"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());

  gtag('config', 'UA-137036301-1');
</script>

<link rel="amphtml" href="https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices?hs_amp=true">

<meta property="og:image" content="https://blog.sonatype.com/hubfs/GettyImages-1310263594.png#keepProtocol">
<meta property="og:image:width" content="3260">
<meta property="og:image:height" content="1860">
<meta property="og:image:alt" content="Image of bitcoin breaking through a dollar bill ">
<meta name="twitter:image" content="https://blog.sonatype.com/hubfs/GettyImages-1310263594.png#keepProtocol">
<meta name="twitter:image:alt" content="Image of bitcoin breaking through a dollar bill ">

<meta property="og:url" content="https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices">
<meta name="twitter:card" content="summary_large_image">

<link rel="canonical" href="https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices">

<meta property="og:type" content="article">
<link rel="alternate" type="application/rss+xml" href="https://blog.sonatype.com/rss.xml">
<meta name="twitter:domain" content="blog.sonatype.com">
<script src="//platform.linkedin.com/in.js" type="text/javascript">
    lang: en_US
</script>

<meta http-equiv="content-language" content="en-us">
<link rel="stylesheet" href="//cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1640198334661/hubspot/hubspot_default/shared/responsive/layout.min.css">
<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/3797839657/1638830605229/In_Use/In_Use_CSS/default/hs_default_custom_style.css">

<link rel="stylesheet" href="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296081041/1635794559809/In_Use/In_Use_CSS/Updates-Fall-2017.min.css">


    <style>
  
   .blog-2018 .blog-section ul li {
    line-height: 29px;
    margin-bottom: 7px;
  }
.no_results {
    display: none;
}
.body-container .tabber-tabs{
    border-bottom:1px solid #ddd;
    list-style:none;
    padding:0;
    margin:0 0 -2px;
}
.tabber-tabs>li {
    float:left;
    width:170px;
}
.tabber-tabs>li>a {
    padding-right:12px;
    padding-left:12px;
    margin-right:2px;
    line-height:14px;
    padding-top:8px;
    padding-bottom:8px;
    line-height:20px;
    border-bottom:1px solid #ddd;
    text-decoration:none;
    display:block;
    font-size:18px;
}
.tabber-tabs>.active>a,.tabber-tabs>.active>a:hover,.tabber-tabs>.active>a:focus{
    color:#555;
    cursor:default;
    background-color:#fff;
    border-bottom:3px solid #3b4d96;
}
.tabber-content {
    background:#fff;
    padding:8px;

}
.body-container .tabber-content ul {
    padding:0;
    margin:0;
}
.tabber-content .block h3{
    display:none;
}
.tabber-wrap {
 
 }
.tabber-post-image {
    max-width: 100%;
    object-fit: cover;
    object-position: 0;
    height: 80px;
    width: 100%;  
  }
.tabber-post-heading {
  font-size:18px;
  line-height:21px;
  }
  p {
    margin-top: 0px;
}
  .blog-2018 h2 {
    color: #3b4d96;
    margin-bottom: 5px;
    line-height: 1.2;
    margin-top: 40px;
}
  .blog-2018 h3 {
    font-size: 130%;
    margin-bottom: 0px;
    margin-top: 30px;
}
  .blog-2018.hs-blog-post .sonatype-section>.row-fluid-wrapper .about-author-sec {
    margin-top: 20px;
    border: none;
    background: #F2F8FC;
  }
   .blog-2018.hs-blog-post .sonatype-section>.row-fluid-wrapper .about-author-sec p {
    font-size: 16px;
    font-family: "Proxima Nova Medium";
  }
  .blog-2018 .blog-section .post-header h1 {
    line-height: 53px;
    margin-bottom: 0px;
  }
 .blog-2018 .blog-section a, a:active, a:focus, a:visited  {
    font-family: "Proxima Nova Semibold";
}

@media (max-width:1350px) and (min-width:767px) {
  .tabber-tabs>li {
    width:125px;
  }  
}
@media (max-width:480px) {
  .tabber-tabs>li {
    width:125px;
  }  
}
</style>
    

</head>
<body class="blog-2018   hs-content-id-57962394675 hs-blog-post hs-blog-id-3737438004" style="">
<!--  Added by AdRoll integration -->
<script type="text/javascript">
  adroll_adv_id = "LVE6K7UX6ZF3TJCF5YYLLW";
  adroll_pix_id = "QDMEQXRCGJGFVFHP7PP7BL";
  var _hsp = window._hsp = window._hsp || [];
  (function () {
      var _onload = function(){
          if (document.readyState && !/loaded|complete/.test(document.readyState)){setTimeout(_onload, 10);return}
          if (!window.__adroll_loaded){__adroll_loaded=true;setTimeout(_onload, 50);return}
          _hsp.push(['addPrivacyConsentListener', function(consent) { if (consent.allowed || (consent.categories && consent.categories.advertisement)) {
            var scr = document.createElement("script");
            var host = (("https:" == document.location.protocol) ? "https://s.adroll.com" : "http://a.adroll.com");
            scr.setAttribute('async', 'true');
            scr.type = "text/javascript";
            scr.src = host + "/j/roundtrip.js";
            ((document.getElementsByTagName('head') || [null])[0] ||
                document.getElementsByTagName('script')[0].parentNode).appendChild(scr);
          }}]);
      };
      if (window.addEventListener) {window.addEventListener('load', _onload, false);}
      else {window.attachEvent('onload', _onload)}
  }());
</script>

<!-- /Added by AdRoll integration -->

    <div class="header-container-wrapper">
    <div class="header-container container-fluid">

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-global_group " style="" data-widget-type="global_group" data-x="0" data-w="12">
<div class="" data-global-widget-path="generated_global_groups/3906896744.html"><div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell header-positioning" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-secondary-header sonatype-section" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span5 widget-span widget-type-rich_text sonatype-news" style="" data-widget-type="rich_text" data-x="0" data-w="5">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14567894788182" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><p><span>Critical New 0-day Vulnerability in Popular Log4j Library Discovered | </span><a href="https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild" rel="noopener">Read Blog</a></p></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
<div class="span5 widget-span widget-type-menu sonatype-secondary-nav" style="" data-widget-type="menu" data-x="5" data-w="5">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1458689972919765" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_module_1458689972919765" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="Secondary menu" data-menu-id="4001614731" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://twitter.com/sonatype" role="menuitem" target="_blank" rel="noopener"><i class="fa fa-twitter"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.linkedin.com/company/sonatype" role="menuitem" target="_blank" rel="noopener"><i class="fa fa-linkedin"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.facebook.com/Sonatype" role="menuitem" target="_blank" rel="noopener"><i class="fa fa-facebook"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.youtube.com/user/sonatype" role="menuitem" target="_blank" rel="noopener"><i class="fa fa-youtube-play"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://github.com/sonatype" role="menuitem" target="_blank" rel="noopener"><i class="fa fa-github"></i></a></li>
 </ul>
</div></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
<div class="span2 widget-span widget-type-space " style="" data-widget-type="space" data-x="10" data-w="2">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1525102574142455" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_space" style="" data-hs-cos-general-type="widget" data-hs-cos-type="space"></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-section sonatype-primary-header" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-5 ">
<div class="row-fluid ">


  <div class="span2 widget-span widget-type-logo sonatype-primary-nav-logo" style="" data-widget-type="logo" data-x="0" data-w="3">
  <div class="cell-wrapper layout-widget-wrapper">
  <span id="hs_cos_wrapper_module_14567894788185" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_logo" style="" data-hs-cos-general-type="widget" data-hs-cos-type="logo">
    <a href="https://www.sonatype.com/" id="hs-link-module_14567894788185" style="border-width:0px;border:0px;">
      <img src="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=165&amp;name=SON_logo_main@2x%20copy%20trimmed.png" class="hs-image-widget " style="width:165px;border-width:0px;border:0px;" width="165" alt="Sonatype" title="Sonatype" srcset="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=83&amp;name=SON_logo_main@2x%20copy%20trimmed.png 83w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=165&amp;name=SON_logo_main@2x%20copy%20trimmed.png 165w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=248&amp;name=SON_logo_main@2x%20copy%20trimmed.png 248w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=330&amp;name=SON_logo_main@2x%20copy%20trimmed.png 330w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=413&amp;name=SON_logo_main@2x%20copy%20trimmed.png 413w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_main@2x%20copy%20trimmed.png?width=495&amp;name=SON_logo_main@2x%20copy%20trimmed.png 495w" sizes="(max-width: 165px) 100vw, 165px"></a></span></div><!--end layout-widget-wrapper -->
  </div>


<div style="display:none;" class="theresaiscool1">
  PATH:/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
  QUERY:
  DOMAIN:blog.sonatype.com
</div>
<div class="span10 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="2" data-w="10">

<div class="row-fluid-wrapper row-depth-1 row-number-6 ">
<div class="row-fluid ">
<nav class="sonatype-primary-nav mobile-version">
  
<div class="span12 widget-span widget-type-menu sonatype-mega mobile-navigation" style="" data-widget-type="menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503095781726111" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_module_1503095781726111" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="Sonatype - v1 -Launch- - March 2016" data-menu-id="40788459105" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Products</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">Software composition Analysis</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/lifecycle?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Nexus Lifecycle<br><span class="small-menu-text">Eliminate OSS risk across the entire SDLC</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/firewall?topnav=true" role="menuitem">Nexus Firewall<br><span class="small-menu-text">Protect your artifact repository from OSS risk</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">Code Quality Analysis</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/sonatype-lift?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Sonatype Lift<br><span class="small-menu-text">Find and fix security, performance, and reliability bugs during code review.</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">Repository MANAGEMENT </span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/repository-oss?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Nexus Repository OSS<br><span class="small-menu-text">Universally manage binaries and artifacts for FREE</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/repository-pro?topnav=true" role="menuitem">Nexus Repository Pro<br><span class="small-menu-text">Universally manage binaries and artifacts with HA and support</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">CONTAINER + INFRASTRUCTURE SECURITY</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/container?topnav=true" role="menuitem"><span style="margin-top:-14px; font-size:15px;">Nexus Container<br><span class="small-menu-text">Identify and remediate OSS risk in containers for build and run-time protection</span></span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/infrastructure-as-code?topnav=true" role="menuitem">Infrastructure as a Code Pack for Nexus Lifecycle<br><span class="small-menu-text">Choose the best open source components and keep your cloud infrastructure secure.</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/software-supply-chain-management?topnav=true" role="menuitem"><span class="mega-mobile-heading">FULL SPECTRUM PLATFORM</span><br><span class="small-menu-text" style="margin-top:-14px; ">Automate your software supply chain security against every attack with Sonatype’s suite of products.</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/pricing?topnav=true" role="menuitem"><span class="mega-mobile-heading">PLANS &amp; PRICING</span><br><span class="small-menu-text" style="margin-top:-14px;">We’ve got your software supply chain covered. Simply pick the plan that works best for your team.</span></a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Solutions</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">For Professionals</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/software-developers?topnav=true" role="menuitem">Developers</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/appsec-professionals?topnav=true" role="menuitem">Application Security</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/devsecops-leaders?topnav=true" role="menuitem">DevSecOps</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/legal-and-compliance-officers?topnav=true" role="menuitem">Legal &amp; Compliance</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">For Industries</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/government?topnav=true" role="menuitem"> Government</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/banking-and-financial-services?topnav=true" role="menuitem"> Financial Services</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/manufacturing?topnav=true" role="menuitem">Manufacturing</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/technology-and-software?topnav=true" role="menuitem">Technology</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/solutions/healthcare?topnav=true" role="menuitem">Healthcare</a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/customer-success?topnav=true" role="menuitem">Customer Stories</a></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Resources</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">Content</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books?topnav=true" role="menuitem">Whitepapers &amp; eBooks</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/webinars?topnav=true" role="menuitem">Webinars</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://video.sonatype.com/?topnav=true" role="menuitem" target="_blank" rel="noopener">Videos</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/resources/upcoming-events?topnav=true" role="menuitem">Events</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">INtegrations &amp; FREE TOOLS </span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/integrations?topnav=true" role="menuitem">Sonatype Integrations</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://ossindex.sonatype.org/?__hstc=31049440.d5ab0fbc6553211f149a678e47fa8ad9.1538587991933.1611152721095.1611169623363.1832&amp;__hssc=31049440.11.1611169623363&amp;__hsfp=3828529911" role="menuitem">Sonatype OSS Index</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/vulnerability-scanner?topnav=true" role="menuitem">Nexus Vulnerability Scanner</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/free-developer-tools?topnav=true" role="menuitem">Free Developer Tools</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading">CUSTOMER PORTAL</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://my.sonatype.com/?topnav=true" role="menuitem" target="_blank" rel="noopener"><span style="margin-top:-14px;font-size:14px;">My Sonatype<br><span class="small-menu-text">Customer support, product guides &amp; documentation, online courses, community, and more.</span></span></a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1 hs-item-has-children" role="none"><a href="javascript:;" aria-haspopup="true" aria-expanded="false" role="menuitem">Company</a>
   <ul role="menu" class="hs-menu-children-wrapper">
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="javascript:;" role="menuitem"><span class="mega-mobile-heading" style="margin-top:0;">About Us</span></a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/company/?topnav=true" role="menuitem">About Sonatype</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/products/intelligence?topnav=true" role="menuitem">About Nexus Intelligence</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/partners?topnav=true" role="menuitem">Partner Program</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/company/careers?topnav=true" role="menuitem">Careers at Sonatype</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/press-releases?topnav=true" role="menuitem">Press Releases</a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/company/media?topnav=true" role="menuitem">Media </a></li>
    <li class="hs-menu-item hs-menu-depth-2" role="none"><a href="https://www.sonatype.com/contactus?topnav=true" role="menuitem"><span class="mega-mobile-heading">Contact Us</span></a></li>
   </ul></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://blog.sonatype.com/?topnav=true" role="menuitem">Blog</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/request-a-personalized-demo?topnav=true" role="menuitem">BOOK A DEMO</a></li>
 </ul>
</div></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
             
</nav>
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-7 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell desktop-navigation" style="position:relative;" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-1 ">
<div class="row-fluid ">
<nav class="sonatype-primary-nav">
  
<div class="span12 widget-span widget-type-menu sonatype-mega" style="" data-widget-type="menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14576409481131480" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="menu"><div id="hs_menu_wrapper_module_14576409481131480" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="Sonatype Solutions Menu" data-menu-id="28631988575" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item one">Products</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item two">Solutions</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item three">Resources</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="javascript:;" role="menuitem"><span class="mega-item four">Company</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://blog.sonatype.com/?topnav=true" role="menuitem">Blog</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/request-a-personalized-demo?topnav=true" role="menuitem">BOOK A DEMO</a></li>
 </ul>
</div></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
                 
</nav>
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-2 ">
<div class="row-fluid ">
<div class="mega-menu one">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-3 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612478720543859" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>Software composition analysis</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/lifecycle?topnav=true" role="menuitem" target="_self">Nexus Lifecycle<br><span class="small-menu-text">Eliminate OSS risk across the entire SDLC.</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/firewall?topnav=true" role="menuitem" target="_self">Nexus Firewall<br><span class="small-menu-text">Protect Nexus and Artifactory repos from OSS risk.</span></a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>Container + Infrastructure Security</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/container?topnav=true" role="menuitem" target="_self">Nexus Container<br><span class="small-menu-text">Identify and remediate OSS risk in containers for build and run-time protection.</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/infrastructure-as-code?topnav=true" role="menuitem" target="_self">Infrastructure as a Code Pack for Nexus Lifecycle<br><span class="small-menu-text">Choose the best open source components and keep your cloud infrastructure secure.</span></a></li>
 </ul>
</div></span>

          
        </div>
        <div class="menu-col2 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><h4>CODE QUALITY ANALYSIS</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/sonatype-lift" role="menuitem" target="_self">Sonatype Lift<br><span class="small-menu-text">Find and fix security, performance, and reliability bugs during code review.</span></a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><h4>Repository MANAGEMENT</h4></div>
            <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/repository-oss?topnav=true" role="menuitem" target="_self">Nexus Repository OSS <br><span class="small-menu-text">Universally manage binaries and artifacts for FREE.</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/repository-pro?topnav=true" role="menuitem" target="_self">Nexus Repository Pro<br><span class="small-menu-text">Universally manage binaries and artifacts with HA and support.</span></a></li>
 </ul>
</div></span>

          
        </div>
    </div>
  </div>

</div>


  <div class="mega-container blue-menu-group">
    <div class="menu-title">
     
        <div class="themenus">
          <div class="menu-col1 mega-links two_col">
            
              <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><a href="https://www.sonatype.com/products/software-supply-chain-management?topnav=true">
<h4>Full Spectrum Platform</h4>
</a></div>
              <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/software-supply-chain-management?topnav=true" role="menuitem" target="_self"><span class="small-menu-text">Automate your software supply chain security against every attack with Sonatype’s suite of products.</span></a></li>
 </ul>
</div></span>

            
          </div>
          <div class="menu-col2 mega-links two_col">
            
              <div id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><a href="https://www.sonatype.com/products/pricing?topnav=true&amp;hsLang=en-us">
<h4>Plans &amp; PRICING</h4>
</a></div>
              <span id="hs_cos_wrapper_module_1612478720543859_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612478720543859_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/pricing?topnav=true&amp;hsLang=en-us" role="menuitem" target="_self"><span class="small-menu-text">We’ve got your software supply chain covered. Simply pick the plan that works best for your team.</span></a></li>
 </ul>
</div></span>

            
          </div>
      </div>
    </div>

  </div>
</div>

   </div><!--end widget-span -->
    </div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
                 
</div>
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-4 ">
<div class="row-fluid ">
<div class="mega-menu two">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-5 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612479281042910" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links one_col">
          
            <div id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>For Professionals</h4></div>
            <span id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479281042910_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/software-developers?topnav=true" role="menuitem" target="_self">Developers</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/appsec-professionals?topnav=true" role="menuitem" target="_self">Application Security</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/devsecops-leaders?topnav=true" role="menuitem" target="_self">DevSecOps</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/legal-and-compliance-officers?topnav=true" role="menuitem" target="_self">Legal &amp; Compliance</a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>For Industries</h4></div>
            <span id="hs_cos_wrapper_module_1612479281042910_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479281042910_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/government?topnav=true" role="menuitem" target="_self">Government</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/banking-and-financial-services?topnav=true" role="menuitem" target="_self">Financial Services</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/manufacturing?topnav=true" role="menuitem" target="_self">Manufacturing</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/technology-and-software?topnav=true" role="menuitem" target="_self">Technology</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/healthcare?topnav=true" role="menuitem" target="_self">Healthcare</a></li>
 </ul>
</div></span>

          
        </div>
        <div class="menu-col2 mega-links one_col">
          
        </div>
    </div>
  </div>

</div>

</div>

   </div><!--end widget-span -->
    </div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
                 
</div>
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-6 ">
<div class="row-fluid ">
<div class="mega-menu three">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-7 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612479744596943" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>Content</h4></div>
            <span id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479744596943_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books?topnav=true" role="menuitem" target="_self">Whitepapers &amp; eBooks</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/webinars?topnav=true" role="menuitem" target="_self">Webinars</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://video.sonatype.com/?topnav=true" role="menuitem" target="_self">Videos</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/customer-success?topnav=true" role="menuitem" target="_self">Customer Stories</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/upcoming-events?topnav=true" role="menuitem" target="_self">Events</a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>CUSTOMER Portal</h4></div>
            <span id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479744596943_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/training" role="menuitem" target="_self">Training &amp; Workshops</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://my.sonatype.com/?topnav=true" role="menuitem" target="_blank" rel="noopener">My Sonatype&nbsp;&nbsp;<i class="fa fa-external-link"></i><br><span class="small-menu-text">Customer support, product guides &amp; documentation, learning paths, community, and more.</span></a></li>
 </ul>
</div></span>

          
        </div>
        <div class="menu-col2 mega-links two_col">
          
            <div id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_2_heading"><h4>INtegrations &amp; FREE TOOLS</h4></div>
            <span id="hs_cos_wrapper_module_1612479744596943_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612479744596943_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/integrations?topnav=true" role="menuitem" target="_self">Sonatype Integrations</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://ossindex.sonatype.org/?__hstc=31049440.d5ab0fbc6553211f149a678e47fa8ad9.1538587991933.1610484080896.1610550007599.1814&amp;__hssc=31049440.2.1610550007599&amp;__hsfp=2873996859" role="menuitem" target="_self">Sonatype OSS Index&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/vulnerability-scanner?topnav=true" role="menuitem" target="_self">Nexus Vulnerability Scanner</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/free-developer-tools?topnav=true" role="menuitem" target="_self">Free Developer Tools</a></li>
 </ul>
</div></span>

          
        </div>
    </div>
  </div>

</div>

</div>

   </div><!--end widget-span -->
    </div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
                 
</div>
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-2 row-number-8 ">
<div class="row-fluid ">
<div class="mega-menu four">
  
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-2 row-number-9 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612480385524997" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><div class="mega-container ">
  <div class="menu-title">
   
      <div class="themenus">
        <div class="menu-col1 mega-links one_col">
          
            <div id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><h4>About us</h4></div>
            <span id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1612480385524997_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-horizontal" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/?topnav=true" role="menuitem" target="_self">About Sonatype</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/intelligence?topnav=true" role="menuitem" target="_self">About Nexus Intelligence</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/analyst-recognition-and-insights?topnav=true" role="menuitem" target="_self">Analyst Recognition</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/partners?topnav=true" role="menuitem" target="_self">Partners</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/careers?topnav=true" role="menuitem" target="_self">Careers at Sonatype</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/press-releases?topnav=true" role="menuitem" target="_self">Press Releases</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/media?topnav=true" role="menuitem" target="_self">Media</a></li>
 </ul>
</div></span>

          
            <div id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_inline_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="inline_rich_text" data-hs-cos-field="column_1_heading"><a href="https://www.sonatype.com/contactus?topnav=true">
<h4>Contact Us</h4>
</a></div>
            <span id="hs_cos_wrapper_module_1612480385524997_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><ul></ul></span>

          
        </div>
        <div class="menu-col2 mega-links one_col">
          
        </div>
    </div>
  </div>

</div>

</div>

   </div><!--end widget-span -->
    </div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
                 
</div>
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_html smartling-language-selector" style="" data-widget-type="raw_html" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1525102768418461" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_raw_html" style="" data-hs-cos-general-type="widget" data-hs-cos-type="raw_html"><div id="smt-lang-selector"></div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="display:none;" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1612478683514846" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->
</div>
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell blog-banner" style="display:none;" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell blog-banner-opacity" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_jinja hs-blog-header" style="" data-widget-type="raw_jinja" data-x="0" data-w="12">
<h1>Sonatype Blog</h1></div><!--end widget-span -->

</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

    </div><!--end header -->
</div><!--end header wrapper -->

<div class="body-container-wrapper">
    <div class="body-container container-fluid">

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-section" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell " style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-blog_content " style="" data-widget-type="blog_content" data-x="0" data-w="12">
<div class="blog-section">

    <div class="row-fluid">
      <div class="span8 post-header" style="position:relative;">
          <h1><span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text">Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices</span></h1>
           <div class="sticky-social">
             <div class="social-align">
               <span id="hs_cos_wrapper_my_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=12&amp;name=facebook-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=36&amp;name=facebook-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=48&amp;name=facebook-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=60&amp;name=facebook-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=72&amp;name=facebook-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on LinkedIn" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=12&amp;name=Linked-In-Circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=36&amp;name=Linked-In-Circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=48&amp;name=Linked-In-Circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=60&amp;name=Linked-In-Circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=72&amp;name=Linked-In-Circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=Newly%20Found%20npm%20Malware%20Mines%20Cryptocurrency%20on%20Windows%2C%20Linux%2C%20macOS%20Devices" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=12&amp;name=Twitter-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=36&amp;name=Twitter-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=48&amp;name=Twitter-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=60&amp;name=Twitter-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=72&amp;name=Twitter-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="mailto:?subject=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Demail%20&amp;body=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Demail" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Email" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=12&amp;name=mail-circle.png 12w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png 24w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=36&amp;name=mail-circle.png 36w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=48&amp;name=mail-circle.png 48w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=60&amp;name=mail-circle.png 60w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=72&amp;name=mail-circle.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a></span>
             </div>      
          </div>
      </div>
       <div class="span4">
      </div>
  </div>
    <div class="row-fluid">
        <div class="span8">
            <div class="blog-post-wrapper cell-wrapper">
               <div class="blog-section">
                    <div class="blog-post-wrapper cell-wrapper">
                        <div class="row-fluid">
                            <div class="span12">                                
                                <div class="row-fluid">
                                    <div class="span12">                                    
                                        <div class="section post-header">
                                          
                                            <div class="row-fluid">
                                                <div class="span9">
                                                   <div id="hubspot-author_data" class="hubspot-editable" data-hubspot-form-id="author_data" data-hubspot-name="Blog Author">
                                                      
                                                          October 20, 2021 By <a class="author-link" href="https://blog.sonatype.com/author/sonatype-security-research-team">Sonatype Security Research Team</a>                          
                                                     
                                                  </div>
                                               </div>
                                              <div class="span3">
                                                <div class="row-fluid mobile-social">
                                                    <div class="span4">
                                                       SHARE:&nbsp;
                                                    </div>
                                                    <div class="span8">
                                                        <div class="social-align ">
                                                          <span id="hs_cos_wrapper_my_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=12&amp;name=facebook-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=24&amp;name=facebook-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=36&amp;name=facebook-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=48&amp;name=facebook-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=60&amp;name=facebook-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/facebook-circle-trim.png?width=72&amp;name=facebook-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dlinkedin" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on LinkedIn" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=12&amp;name=Linked-In-Circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=24&amp;name=Linked-In-Circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=36&amp;name=Linked-In-Circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=48&amp;name=Linked-In-Circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=60&amp;name=Linked-In-Circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Linked-In-Circle-trim.png?width=72&amp;name=Linked-In-Circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=Newly%20Found%20npm%20Malware%20Mines%20Cryptocurrency%20on%20Windows%2C%20Linux%2C%20macOS%20Devices" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=12&amp;name=Twitter-circle-trim.png 12w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=24&amp;name=Twitter-circle-trim.png 24w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=36&amp;name=Twitter-circle-trim.png 36w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=48&amp;name=Twitter-circle-trim.png 48w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=60&amp;name=Twitter-circle-trim.png 60w, https://blog.sonatype.com/hs-fs/hubfs/Twitter-circle-trim.png?width=72&amp;name=Twitter-circle-trim.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a>&nbsp;<a href="mailto:?subject=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Demail%20&amp;body=Check%20out%20https%3A%2F%2Fblog.sonatype.com%2Fnewly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices%3Futm_medium%3Dsocial%26utm_source%3Demail" target="_blank" rel="noopener" style="width:24px;border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Email" loading="lazy" srcset="https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=12&amp;name=mail-circle.png 12w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=24&amp;name=mail-circle.png 24w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=36&amp;name=mail-circle.png 36w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=48&amp;name=mail-circle.png 48w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=60&amp;name=mail-circle.png 60w, https://blog.sonatype.com/hs-fs/hubfs/mail-circle.png?width=72&amp;name=mail-circle.png 72w" sizes="(max-width: 24px) 100vw, 24px"></a></span>
                                                      </div>   
                                                  </div>                                                                                                  
                                                </div>
                                              </div>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                                <div class="row-fluid">
                                    <div class="span12">
                                        
                                            <a href="https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices" title="" class="hs-featured-image-link">
                                                <img src="https://blog.sonatype.com/hubfs/GettyImages-1310263594.png" class="hs-featured-image" alt="Image of bitcoin breaking through a dollar bill ">
                                            </a>
                                        
                                    </div>
                                </div>

                                <div class="section post-body">
                                    <span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text"><p><em><span style="text-decoration: underline;">Update:</span> Following our disclosure of these malicious packages, the legitimate library "ua-parser-js" used by millions was itself was found to be compromised. We have released a <a href="/npm-project-used-by-millions-hijacked-in-supply-chain-attack" rel="noopener" target="_blank">subsequent blog post</a> covering the "ua-parser-js" compromise.</em></p>
<p>Sonatype’s automated malware detection system has caught multiple malicious packages on the npm registry this month. These packages disguise themselves as legitimate JavaScript libraries but were caught launching cryptominers on Windows, macOS and Linux machines.</p>
<!--more-->
<p>The malicious packages are:</p>
<ul>
<li aria-level="1">okhsa</li>
<li aria-level="1">klow</li>
<li aria-level="1">klown</li>
</ul>
<p>“klow, klown” have been tracked under <span style="font-weight: bold;">Sonatype-2021-1472</span>. Whereas, “okhsa” has been cataloged under <span style="font-weight: bold;">Sonatype-2021-1473</span>.</p>
<p>Different versions of the “okhsa” package largely contain skeleton code that launches the Calculator app on Windows machines pre-installation. But additionally, these versions contain either the “klow” or the “klown” npm package as a dependency—which is malicious.</p>
<p>The manifest file, package.json, for “okhsa” shows “klown” listed as a dependency.<br><br><img src="https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=512&amp;name=Windows%201.png" alt="Screenshot of the The manifest file, package.json, for “okhsa” shows “klown” listed as a dependency." width="512" loading="lazy" style="width: 512px; margin-left: auto; margin-right: auto; display: block;" srcset="https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=256&amp;name=Windows%201.png 256w, https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=512&amp;name=Windows%201.png 512w, https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=768&amp;name=Windows%201.png 768w, https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=1024&amp;name=Windows%201.png 1024w, https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=1280&amp;name=Windows%201.png 1280w, https://blog.sonatype.com/hs-fs/hubfs/Windows%201.png?width=1536&amp;name=Windows%201.png 1536w" sizes="(max-width: 512px) 100vw, 512px"></p>
<p>All of these packages were published by the <a href="http://web.archive.org/web/20211015081949/https://www.npmjs.com/~wozheqirsplu">same author</a> whose account has since been deactivated:</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=512&amp;name=windows%202.png" alt="Screenshot of author page on npm for wozheqirsplu, showing that he posted both malicious components" width="512" loading="lazy" style="width: 512px; margin-left: auto; margin-right: auto; display: block;" srcset="https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=256&amp;name=windows%202.png 256w, https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=512&amp;name=windows%202.png 512w, https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=768&amp;name=windows%202.png 768w, https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=1024&amp;name=windows%202.png 1024w, https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=1280&amp;name=windows%202.png 1280w, https://blog.sonatype.com/hs-fs/hubfs/windows%202.png?width=1536&amp;name=windows%202.png 1536w" sizes="(max-width: 512px) 100vw, 512px"></p>
<p>The Sonatype security research team discovered that “klown” had emerged within hours of “klow” having been removed by npm. “Klown” <a href="https://archive.is/wip/dNDKz">falsely touts itself</a> to be a legitimate JavaScript library “UA-Parser-js” to help developers extract the hardware specifics (OS, CPU, browser, engine, etc.) from the “User-Agent” HTTP header.</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=512&amp;name=windows%203.png" alt="Screenshot of Klown” falsely touting itself to be a legitimate JavaScript library “UA-Parser-js”" width="512" loading="lazy" style="width: 512px; margin-left: auto; margin-right: auto; display: block;" srcset="https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=256&amp;name=windows%203.png 256w, https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=512&amp;name=windows%203.png 512w, https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=768&amp;name=windows%203.png 768w, https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=1024&amp;name=windows%203.png 1024w, https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=1280&amp;name=windows%203.png 1280w, https://blog.sonatype.com/hs-fs/hubfs/windows%203.png?width=1536&amp;name=windows%203.png 1536w" sizes="(max-width: 512px) 100vw, 512px"></p>
<p>But, Sonatype security researcher Ali ElShakankiry who analyzed these packages explains, “Packages&nbsp; ‘klow’ and ‘klown’ contain a cryptocurrency miner. These packages detect the current operating system at the preinstall stage, and proceed to run a .bat or .sh script depending on if the user is running Windows, or a Unix-based operating system.”</p>
<p>“These scripts then download an externally-hosted EXE or a Linux ELF, and execute the binary with arguments specifying the mining pool to use, the wallet to mine cryptocurrency for, and the number of CPU threads to utilize.”</p>
<p>One of the Batch scripts found in the “klown” package are shown below:</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=512&amp;name=windows%204.png" alt="Screenshot of One of the Batch scripts found in the “klown” package" width="512" loading="lazy" style="width: 512px; margin-left: auto; margin-right: auto; display: block;" srcset="https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=256&amp;name=windows%204.png 256w, https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=512&amp;name=windows%204.png 512w, https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=768&amp;name=windows%204.png 768w, https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=1024&amp;name=windows%204.png 1024w, https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=1280&amp;name=windows%204.png 1280w, https://blog.sonatype.com/hs-fs/hubfs/windows%204.png?width=1536&amp;name=windows%204.png 1536w" sizes="(max-width: 512px) 100vw, 512px"></p>
<p>The script downloads the “jsextension.exe” from a Russia-based host 185.173.36[.]219.</p>
<p>The EXE is a known cryptominer, as previously flagged by <a href="https://www.virustotal.com/gui/file/7f986cd3c946f274cdec73f80b84855a77bc2a3c765d68897fbc42835629a5d5">VirusTotal</a>. For Linux and macOS installations, an identical Bash script downloads the “<a href="https://www.virustotal.com/gui/file/ea131cc5ccf6aa6544d6cb29cdb78130feed061d2097c6903215be1499464c2e">jsextension</a>” ELF binary from the same host.</p>
<p>Shown below is a screenshot from a test run of the crypto mining EXE, <a href="https://app.any.run/tasks/4022f9ff-dc31-4409-8f87-4416c76b7ebd/">generated via any.run</a>. Note, the malicious EXE runs quietly in the background on an infected machine, but for the purposes of demonstration we are showing how the process would appear if it wasn't hidden:&nbsp;</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=512&amp;name=Windows%205.png" alt="a screenshot from a test run of the crypto mining EXE, generated via any.run" width="512" loading="lazy" style="width: 512px; margin-left: auto; margin-right: auto; display: block;" srcset="https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=256&amp;name=Windows%205.png 256w, https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=512&amp;name=Windows%205.png 512w, https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=768&amp;name=Windows%205.png 768w, https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=1024&amp;name=Windows%205.png 1024w, https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=1280&amp;name=Windows%205.png 1280w, https://blog.sonatype.com/hs-fs/hubfs/Windows%205.png?width=1536&amp;name=Windows%205.png 1536w" sizes="(max-width: 512px) 100vw, 512px"></p>
<p>It isn’t clear how the author of these packages aims to target developers. There are no obvious signs observed that indicate a case of typosquatting or <a href="https://blog.sonatype.com/dependency-hijacking-software-supply-chain-attack-hits-more-than-35-organizations">dependency hijacking</a>. “Klow(n)” does impersonate the legitimate UAParser.js library on the surface, making this attack seem like a <a href="https://blog.sonatype.com/twilio-npm-is-brandjacking-malware-in-disguise">weak brandjacking attempt</a>.</p>
<p>&nbsp;</p>
<p>The Sonatype security research team reported these malicious packages to npm on October 15, 2021, hours after their release, and the packages were taken down the same day by the npm security team.&nbsp;</p>
<h2>Evolving open source supply-chain attacks warrant advanced protection</h2>
<p>Once again, this particular discovery is a further indication that developers are the new target for adversaries over the software they write. Sonatype has been tracing novel <a href="https://blog.sonatype.com/open-source-attacks-on-the-rise-top-8-malicious-packages-found-in-npm">brandjacking, typosquatting</a>, and <a href="https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection">cryptomining</a> malware lurking in software repositories. We’ve also found <a href="https://blog.sonatype.com/netmask-flaw-leaves-millions-vulnerable-while-a-php-git-server-is-hacked-in-software-supply-chain-attack">critical vulnerabilities and next-gen supply-chain attacks</a>, as well as copycat packages <a href="https://blog.sonatype.com/malicious-dependency-confusion-copycats-exfiltrate-bash-history-and-etc-shadow-files">targeting well-known tech companies</a>.</p>
<p>The good news is, over the past few weeks, our automated malware detection system has caught thousands of suspicious packages on npm. These components are either confirmed malicious, previously known to be malicious, or dependency confusion copycats.</p>
<p>We are now expanding our malware detection capabilities via Nexus Intelligence to other ecosystems as well, such as PyPI.</p>
<p>All of this takes more than just due diligence and luck – it takes the expertise of experienced security professionals and hundreds of terabytes of data. In order to keep pace with malware mutations, Sonatype analyses every newly-released npm package to keep developers safe.</p>
<p>We help you remain proactive and safeguard your software supply chains against up-and-coming attacks. Our <a href="https://blog.sonatype.com/meet-the-developers-behind-sonatypes-automated-malware-detection-system-securing-open-source-supply-chains">AI/ML-powered automated malware detection system</a> (which is part of Nexus Firewall and powered by Nexus Intelligence data), and security research team work together for full-spectrum protection. Nexus determines a likely malicious component based on historical supply chain attacks and over five-dozen “signals.” This insight enables flagging for potential new attacks before security researchers discover them.</p>
<p><img src="https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=512&amp;name=Windows%206.png" alt="Image of a diagram that shows the Nexus Firewall component analysis process" width="512" loading="lazy" style="width: 512px; margin-left: auto; margin-right: auto; display: block;" srcset="https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=256&amp;name=Windows%206.png 256w, https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=512&amp;name=Windows%206.png 512w, https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=768&amp;name=Windows%206.png 768w, https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=1024&amp;name=Windows%206.png 1024w, https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=1280&amp;name=Windows%206.png 1280w, https://blog.sonatype.com/hs-fs/hubfs/Windows%206.png?width=1536&amp;name=Windows%206.png 1536w" sizes="(max-width: 512px) 100vw, 512px"></p>
<p>As soon as our system flags a package or a dependency as “suspicious,” it undergoes a quarantine queue for manual review by the Sonatype Security Research Team. Users of <a href="https://blog.sonatype.com/sonatype-releases-new-nexus-firewall-policy-to-secure-software-supply-chains-from-dependency-confusion-attacks">Nexus Firewall</a> are then protected from these suspicious packages while the review is underway. Existing components are quarantined before they are pulled “downstream” into a developer’s open source build environment.</p>
<p>Moreover, users that have enabled the “Dependency Confusion Policy” feature will get proactive protection from dependency confusion attacks. This works whether conflicting package names exist in a public repository or in your private, internal repos.</p>
<p>Sonatype’s world-class security research data, combined with our <a href="https://www.sonatype.com/press-release-blog/next-generation-nexus-intelligence">automated malware detection</a> technology safeguards your developers, customers, and software supply chain from infections.st content here…</p></span>
                                </div>
                                
                                     <p id="hubspot-topic_data"> Tags:
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/vulnerabilities">vulnerabilities</a>,
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/featured">featured</a>,
                                        
                                            <a class="topic-link" href="https://blog.sonatype.com/topic/nexus-intelligence-insights">Nexus Intelligence Insights</a>
                                        
                                     </p>
                                
                            </div>
                        </div>
                    </div>
                </div>
                <!-- Optional: Blog Author Bio Box -->
                <div class="about-author-sec row-fluid">
                    <div class="span3 banner-flex-text">
                      
                        <img class="about-author-image" alt="Sonatype Security Research Team" src="https://blog.sonatype.com/hubfs/Intelligence%202019/SON__Nexus_Intelligence_Images_brain@2x.png">
                      
                    </div>
                    <div class="span9 flex-form">
                        <h3>Written by <a class="author-link" href="https://blog.sonatype.com/author/sonatype-security-research-team">Sonatype Security Research Team</a></h3>
                        <p>Sonatype's Security Research Team is comprised 65 world class professionals with 500+ years of experience. The Team is focused on bringing real-time, in-depth intelligence and actionable information about open source and third party vulnerabilities to Sonatype customers.</p>
                        
                    </div>
                </div>
            </div>
        </div>
        <div class="span4 post-sidebar-2018">
            
                   
            
            <div class="tabber-wrap">
              <ul class="clearfix tabber-tabs">
            
                <li class="active"><a>AUTHOR POSTS</a></li>
               <li><a>TOPIC POSTS</a></li> 
            
              </ul>
              <div class="tabber-content">
                <div class="tab-pane active">
                  
                    <ul class="sidebar-list">
                        
                            <li>
                              <div class="row-fluid" style="margin-top:10px;">
                                  <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/GettyImages-1310263594.png" class="tabber-post-image https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices findme">
                                  </div>
                                  <div class="span8" style="line-height:1;">
                                      <a href="https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices" class="tabber-post-heading">Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices  </a>
                                      <p><i class="fa fa-pencil"></i>Sonatype Security Research Team</p> 
                                   
                                </div>                                 
                              </div>
                          </li>
                        
                            <li>
                              <div class="row-fluid" style="margin-top:10px;">
                                  <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/GettyImages-887166952.jpg" class="tabber-post-image https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains findme">
                                  </div>
                                  <div class="span8" style="line-height:1;">
                                      <a href="https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains" class="tabber-post-heading">CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains  </a>
                                      <p><i class="fa fa-pencil"></i>Sonatype Security Research Team</p> 
                                   
                                </div>                                 
                              </div>
                          </li>
                        
                            <li>
                              <div class="row-fluid" style="margin-top:10px;">
                                  <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/GettyImages-1182226451.png" class="tabber-post-image https://blog.sonatype.com/malware-removed-from-maven-central findme">
                                  </div>
                                  <div class="span8" style="line-height:1;">
                                      <a href="https://blog.sonatype.com/malware-removed-from-maven-central" class="tabber-post-heading">Sonatype Stops Software Supply Chain Attack Aimed at the Java Developer Community  </a>
                                      <p><i class="fa fa-pencil"></i>Sonatype Security Research Team</p> 
                                   
                                </div>                                 
                              </div>
                          </li>
                        
                    </ul>                  
                </div>
                <div class="tab-pane" id="tab-2">
                  
                  

                  
                  
                  
                  
                  
                  
                  
                      <ul class="sidebar-list">
                          
                              <li>
                                 <div class="row-fluid" style="margin-top:10px;">
                                   <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/GettyImages-1298133977.png" class="tabber-post-image">                                     
                                   </div>
                                   <div class="span8" style="line-height:1;">
                                      <a class="tabber-post-heading" href="https://blog.sonatype.com/how-much-should-the-federal-government-worry-about-log4j">How Much Should the Federal Government Worry About Log4j?</a>  
                                     
                                    <p><i class="fa fa-tag"></i>vulnerabilities</p>
                                   </div>
                                </div>
                            </li>
                          
                              <li>
                                 <div class="row-fluid" style="margin-top:10px;">
                                   <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/GettyImages-1008926982.jpg" class="tabber-post-image">                                     
                                   </div>
                                   <div class="span8" style="line-height:1;">
                                      <a class="tabber-post-heading" href="https://blog.sonatype.com/log4j-exploits-are-now-being-used-to-spread-dridex-banking-trojan">Log4j Exploits Are Now Being Used to Spread Dridex Banking Trojan</a>  
                                     
                                    <p><i class="fa fa-tag"></i>vulnerabilities</p>
                                   </div>
                                </div>
                            </li>
                          
                              <li>
                                 <div class="row-fluid" style="margin-top:10px;">
                                   <div class="span4">
                                      <img src="https://blog.sonatype.com/hubfs/article-community-log4j-blog-v3.jpg" class="tabber-post-image">                                     
                                   </div>
                                   <div class="span8" style="line-height:1;">
                                      <a class="tabber-post-heading" href="https://blog.sonatype.com/helping-the-open-source-community-log4j">Helping The Open Source Community Find, Fix, and Remediate Log4j</a>  
                                     
                                    <p><i class="fa fa-tag"></i>vulnerabilities</p>
                                   </div>
                                </div>
                            </li>
                          
                      </ul>                 
                </div>
              </div>              
            </div>
        </div>
    </div>
</div>
</div>

</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-blog_comments blog-2018-comments" style="" data-widget-type="blog_comments" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_blog_comments" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_blog_comments" style="" data-hs-cos-general-type="widget" data-hs-cos-type="blog_comments">
<div class="section post-footer">
    <div id="comments-listing" class="new-comments"></div>
    
      <div id="hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b"></div>
      
      
      
    
</div>

</span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

    </div><!--end body -->
</div><!--end body wrapper -->

<div class="footer-container-wrapper">
    <div class="footer-container container-fluid">

<div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-global_group " style="" data-widget-type="global_group" data-x="0" data-w="12">
<div class="" data-global-widget-path="generated_global_groups/4063610545.html"><div class="row-fluid-wrapper row-depth-1 row-number-1 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell sonatype-footer sonatype-body sonatype-section" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell desktop-footer" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-3 ">
<div class="row-fluid ">
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="0" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-4 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-linked_image sonatype-footer-nav-logo" style="" data-widget-type="linked_image" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902672" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_linked_image" style="" data-hs-cos-general-type="widget" data-hs-cos-type="linked_image"><a href="https://www.sonatype.com/" id="hs-link-module_14568829902672" style="border-width:0px;border:0px;"><img src="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&amp;name=SON_logo_white@2x%20copy%20trimmed.png" class="hs-image-widget " style="width:130px;border-width:0px;border:0px;" width="130" alt="SON_logo_white@2x copy trimmed" title="SON_logo_white@2x copy trimmed" srcset="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=65&amp;name=SON_logo_white@2x%20copy%20trimmed.png 65w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=130&amp;name=SON_logo_white@2x%20copy%20trimmed.png 130w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=195&amp;name=SON_logo_white@2x%20copy%20trimmed.png 195w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=260&amp;name=SON_logo_white@2x%20copy%20trimmed.png 260w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=325&amp;name=SON_logo_white@2x%20copy%20trimmed.png 325w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=390&amp;name=SON_logo_white@2x%20copy%20trimmed.png 390w" sizes="(max-width: 130px) 100vw, 130px"></a></span></div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-5 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_html footer-menu" style="" data-widget-type="raw_html" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902673" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_raw_html" style="" data-hs-cos-general-type="widget" data-hs-cos-type="raw_html"><div class="sonatype-social">
<a href="https://twitter.com/sonatype" target="_blank"><i class="fa fa-twitter"></i> Twitter</a>
<a href="https://www.linkedin.com/company/sonatype" target="_blank"><i class="fa fa-linkedin"></i> LinkedIn</a>
<a href="https://www.facebook.com/Sonatype" target="_blank"><i class="fa fa-facebook"></i> Facebook</a>
<a href="https://www.youtube.com/user/sonatype" target="_blank"><i class="fa fa-youtube-play"></i> YouTube</a>
<a href="https://github.com/sonatype" target="_blank"><i class="fa fa-github"></i> GitHub</a>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column footer-products" style="" data-widget-type="cell" data-x="2" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-6 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902678" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Products</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-7 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_14568829902679" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_14568829902679" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/software-supply-chain-management" role="menuitem" target="_self">Full-Spectrum Platform</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/sonatype-lift" role="menuitem" target="_self">Sonatype Lift</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/open-source-security-dependency-management" role="menuitem" target="_self">Nexus Lifecycle</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/advanced-development-pack" role="menuitem" target="_self"><span style="font-size:13px;">Advanced Development Pack</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/advanced-legal-pack" role="menuitem" target="_self"><span style="font-size:13px;">Advanced Legal Pack</span></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/infrastructure-as-code" role="menuitem" target="_self">Infrastructure as Code Pack</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/lifecycle-foundation" role="menuitem" target="_self">Nexus Lifecycle Foundation</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/firewall" role="menuitem" target="_self">Nexus Firewall</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/auditor" role="menuitem" target="_self">Nexus Auditor</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/container" role="menuitem" target="_self">Nexus Container</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/repository-oss" role="menuitem" target="_self">Nexus Repository OSS</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/repository-pro" role="menuitem" target="_self">Nexus Repository Pro</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/pricing" role="menuitem" target="_self">Pricing</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="4" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-8 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503090809028170" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Free Tools</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-9 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget footer-menu" style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1556825048647548" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_module_1556825048647548_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1556825048647548_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/vulnerability-scanner" role="menuitem" target="_self">Nexus Vulnerability Scanner</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://ossindex.sonatype.org/" role="menuitem" target="_blank" rel="noopener">OSS Index</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/free-developer-tools" role="menuitem" target="_self">Free Developer Tools</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/integrations" role="menuitem" target="_self">Nexus Integrations</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/nexus-intelligence-insights" role="menuitem" target="_self">CVE Insights</a></li>
 </ul>
</div></span></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="6" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-10 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026711" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Solutions</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-11 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026712" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_145688299026712" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/software-developers" role="menuitem" target="_self">Developers</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/appsec-professionals" role="menuitem" target="_self">AppSec</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/devsecops-leaders" role="menuitem" target="_self">DevSecOps</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/legal-and-compliance-officers" role="menuitem" target="_self">Legal &amp; Compliance</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/government" role="menuitem" target="_self">Government</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/banking-and-financial-services" role="menuitem" target="_self">Financial Services</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/manufacturing" role="menuitem" target="_self">Manufacturing</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/technology-and-software" role="menuitem" target="_self">Technology</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/solutions/healthcare" role="menuitem" target="_self">Healthcare</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="8" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-12 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026714" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Resources</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-13 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026715" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_145688299026715" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu" class="active-branch">
  <li class="hs-menu-item hs-menu-depth-1 active active-branch" role="none"><a href="https://blog.sonatype.com" role="menuitem" target="_self">Sonatype Blog</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books" role="menuitem" target="_self">Whitepapers &amp; eBooks</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/webinars" role="menuitem" target="_self">Webinars</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://video.sonatype.com/" role="menuitem" target="_blank" rel="noopener">Videos</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/customer-success" role="menuitem" target="_self">Customer Stories</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/resources/upcoming-events" role="menuitem" target="_self">Events</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-14 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget " style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1623878945520150" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_module_1623878945520150_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="font-size: 18px; margin-top: 25px; margin-bottom: 5px; color: #ffffff;">Customer Portal</h5></span></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-15 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-custom_widget footer-menu" style="" data-widget-type="custom_widget" data-x="0" data-w="12">
<div id="hs_cos_wrapper_module_1623878960048152" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_module widget-type-simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="module"><span id="hs_cos_wrapper_module_1623878960048152_" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_1623878960048152_" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/training" role="menuitem" target="_self">Training &amp; Workshops</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://my.sonatype.com/" role="menuitem" target="_blank" rel="noopener">My Sonatype&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://guides.sonatype.com" role="menuitem" target="_blank" rel="noopener">Guides&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://help.sonatype.com" role="menuitem" target="_blank" rel="noopener">Documentation&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://learn.sonatype.com" role="menuitem" target="_blank" rel="noopener">Online Courses&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://guides.sonatype.com" role="menuitem" target="_blank" rel="noopener">Customer Support&nbsp;&nbsp;<i class="fa fa-external-link"></i></a></li>
 </ul>
</div></span></div>

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
<div class="span2 widget-span widget-type-cell sonatype-column" style="" data-widget-type="cell" data-x="10" data-w="2">

<div class="row-fluid-wrapper row-depth-1 row-number-16 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026717" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><h5 style="color: #ffffff; margin: 0; font-size: 18px;">Company</h5></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-17 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-simple_menu footer-menu" style="" data-widget-type="simple_menu" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026718" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_simple_menu" style="" data-hs-cos-general-type="widget" data-hs-cos-type="simple_menu"><div id="hs_menu_wrapper_module_145688299026718" class="hs-menu-wrapper active-branch flyouts hs-menu-flow-vertical" role="navigation" data-sitemap-name="" data-menu-id="" aria-label="Navigation Menu">
 <ul role="menu">
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/" role="menuitem" target="_self">About Sonatype</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/analyst-recognition-and-insights" role="menuitem" target="_self">Analyst Recognition</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/products/intelligence" role="menuitem" target="_self">Nexus Intelligence</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/partners" role="menuitem" target="_self">Partners</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/investors" role="menuitem" target="_self">Investors</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/press-releases" role="menuitem" target="_self">Press Releases</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/media" role="menuitem" target="_self">Media Coverage</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/press-kit" role="menuitem" target="_self">Press Kit</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/company/careers" role="menuitem" target="_self">Careers</a></li>
  <li class="hs-menu-item hs-menu-depth-1" role="none"><a href="https://www.sonatype.com/contactus" role="menuitem" target="_self">Contact Us</a></li>
 </ul>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-18 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-cell mobile-footer" style="" data-widget-type="cell" data-x="0" data-w="12">

<div class="row-fluid-wrapper row-depth-1 row-number-19 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text " style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503090571206149" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><img src="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&amp;name=SON_logo_white@2x%20copy%20trimmed.png" alt="SON_logo_white@2x copy trimmed" width="145" style="width: 145px;" srcset="https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=73&amp;name=SON_logo_white@2x%20copy%20trimmed.png 73w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=145&amp;name=SON_logo_white@2x%20copy%20trimmed.png 145w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=218&amp;name=SON_logo_white@2x%20copy%20trimmed.png 218w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=290&amp;name=SON_logo_white@2x%20copy%20trimmed.png 290w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=363&amp;name=SON_logo_white@2x%20copy%20trimmed.png 363w, https://blog.sonatype.com/hs-fs/hubfs/SON_logo_white@2x%20copy%20trimmed.png?width=435&amp;name=SON_logo_white@2x%20copy%20trimmed.png 435w" sizes="(max-width: 145px) 100vw, 145px"></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-20 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_html " style="" data-widget-type="raw_html" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_1503090682618167" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_raw_html" style="" data-hs-cos-general-type="widget" data-hs-cos-type="raw_html"><div class="row-fluid">
<div style="width:50%; float:left;">
<ul class="mobile-footer-links">
<li><a href="https://www.sonatype.com/products-overview">Products</a> </li>
<li><a href="https://www.sonatype.com/nexus/free-developer-tools">Free Tools</a> </li>
<li><a href="https://www.sonatype.com/solutions/software-developers">Solutions</a> </li>
<li><a href="https://www.sonatype.com/resources/whitepapers-reports-and-books">Resources</a> </li>
<li><a href="https://www.sonatype.com/company">About</a> </li>
</ul>
</div>
<div style="width:50%; float:left;">
<ul class="sonatype-social">
<li><a href="https://twitter.com/sonatype" target="_blank"><i class="fa fa-twitter"></i> Twitter</a></li>
<li><a href="https://www.linkedin.com/company/sonatype" target="_blank"><i class="fa fa-linkedin"></i> LinkedIn</a></li>
<li><a href="https://www.facebook.com/Sonatype" target="_blank"><i class="fa fa-facebook"></i> Facebook</a></li>
<li><a href="https://www.youtube.com/user/sonatype" target="_blank"><i class="fa fa-youtube-play"></i> YouTube</a></li>
<li><a href="https://github.com/sonatype" target="_blank"><i class="fa fa-github"></i>GitHub</a></li>
</ul>       
</div>
</div></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-21 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-rich_text sonatype-legal" style="" data-widget-type="rich_text" data-x="0" data-w="12">
<div class="cell-wrapper layout-widget-wrapper">
<span id="hs_cos_wrapper_module_145688299026719" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="widget" data-hs-cos-type="rich_text"><p class="footer-copyright">Sonatype Headquarters -&nbsp;8161 Maple Lawn Blvd #250, Fulton, MD 20759</p>
<p class="footer-copyright">Tysons Office - 8281 Greensboro Drive – Suite 630, McLean, VA 22102</p>
<p class="footer-copyright">Australia Office - 60 Martin Place Level 1, Sydney, NSW 2000, Australia</p>
<p class="footer-copyright">London Office -168 Shoreditch High Street, E1 6HU London</p>
<p class="footer-copyright" style="margin-top: 20px;">Copyright&nbsp;© 2008-present, Sonatype Inc. All rights reserved. Includes the third-party code listed here. Sonatype and Sonatype Nexus are trademarks of Sonatype, Inc. Apache Maven and Maven are trademarks of the Apache Software Foundation. M2Eclipse is a trademark of the Eclipse Foundation. All other trademarks are the property of their respective owners.</p>
<p class="footer-terms"><a href="//www.sonatype.com/terms-of-service">Terms of Service</a> &nbsp; &nbsp;<a href="//www.sonatype.com/privacy-policy">Privacy Policy</a> &nbsp; &nbsp;<a href="https://www.sonatype.com/events-terms-and-conditions">Event Terms and Conditions</a></p>
<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="9958dd21-8504-4dbf-8e2f-e736792a6843" type="text/javascript" async></script></span>
</div><!--end layout-widget-wrapper -->
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->
</div>
</div><!--end widget-span -->
</div><!--end row-->
</div><!--end row-wrapper -->

<div class="row-fluid-wrapper row-depth-1 row-number-2 ">
<div class="row-fluid ">
<div class="span12 widget-span widget-type-raw_jinja " style="display:none;" data-widget-type="raw_jinja" data-x="0" data-w="12">

<script>
    $('#blog_search_form').submit(function() {
        var url = "https://blog.sonatype.com/miracle/all";
        var searchTerm = $('#keyword').val().toLowerCase();
        var goUrl = url + '?q=' + searchTerm;
        window.location = goUrl;
        return false;
        
    });
</script>

<script>

    $(function(){

        $(".tab-pane").not(".active").hide();
        $('.tabber-content .tab-pane').each(function(i,el){
        $(el).attr("id","tab-"+i);});
        $(".tabber-tabs a").each(function(i,el){
        $(el).attr("href","#tab-"+i);
        var ID=$(el).attr("href");
        $(this).click(function(e){
        e.preventDefault();
        if(!$(this).parent().hasClass("active")){
            $(this).parent().addClass("active").siblings().removeClass("active");
        $(ID).fadeIn().siblings().hide();}});});
    });

</script></div><!--end widget-span -->

</div><!--end row-->
</div><!--end row-wrapper -->

    </div><!--end footer -->
</div><!--end footer wrapper -->

    
<script>
(function () {
    window.addEventListener('load', function () {
        setTimeout(function () {
            var xhr = new XMLHttpRequest();
            xhr.open('POST', '/_hcms/perf', true /*async*/);
            xhr.setRequestHeader("Content-type", "application/json");
            xhr.onreadystatechange = function () {
                // do nothing.
            };
            var connection = navigator.connection || navigator.mozConnection || navigator.webkitConnection;
            function populateNetworkInfo(name, connection, info) {
                if (name in connection) {
                    info[name] = connection[name];
                }
            }
            var networkInfo = {};
            if (connection) {
                ['type', 'effectiveType', 'downlink', 'rtt'].forEach(function(name) {
                    populateNetworkInfo(name, connection, networkInfo);
                });
            }
            var perfData = {
                url: location.href,
                portal: 1958393,
                content: 57962394675,
                group: -1,
                connection: networkInfo,
                timing: performance.timing
            };
            xhr.send(JSON.stringify(perfData));
        }, 3000);  // Execute this 3 seconds after onload.
    });
})();
</script>

<script src="/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js"></script>
<script>
if (typeof hsVars !== 'undefined') { hsVars['language'] = 'en-us'; }
</script>

<script src="/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js"></script>
<script src="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/module_assets/40666130714/1638830373001/module_40666130714_MEGA_Menu_Code_Jan_2021_NEW_MEGA.min.js"></script>
<script src="/hs/hsstatic/AsyncSupport/static-1.122/js/comment_listing_asset.js"></script>
<script>
  function hsOnReadyPopulateCommentsFeed() {
    var options = {
      commentsUrl: "https://api-na1.hubapi.com/comments/v3/comments/thread/public?portalId=1958393&offset=0&limit=1000&contentId=57962394675&collectionId=3737438004",
      maxThreadDepth: 3,
      showForm: true,
      
      skipAssociateContactReason: 'blogComment',
      disableContactPromotion: true,
      
      target: "hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b"
    };
    window.hsPopulateCommentsFeed(options);
  }

  if (document.readyState === "complete" ||
      (document.readyState !== "loading" && !document.documentElement.doScroll)
  ) {
    hsOnReadyPopulateCommentsFeed();
  } else {
    document.addEventListener("DOMContentLoaded", hsOnReadyPopulateCommentsFeed);
  }

</script>


          <!--[if lte IE 8]>
          <script charset="utf-8" src="https://js.hsforms.net/forms/v2-legacy.js"></script>
          <![endif]-->
      
<script data-hs-allowed="true" src="/_hcms/forms/v2.js"></script>

        <script data-hs-allowed="true">
            hbspt.forms.create({
                portalId: '1958393',
                formId: '57d70dc2-fdae-4a95-864a-471335c8677b',
                pageId: '57962394675',
                region: 'na1',
                pageName: "Newly Found npm Malware Mines Cryptocurrency on Windows, Linux, macOS Devices",
                contentType: 'blog-post',
                
                formsBaseUrl: '/_hcms/forms/',
                
                
                
                css: '',
                target: "#hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b",
                type: 'BLOG_COMMENT',
                
                submitButtonClass: 'hs-button primary',
                formInstanceId: '1',
                getExtraMetaDataBeforeSubmit: window.hsPopulateCommentFormGetExtraMetaDataBeforeSubmit
            });

            window.addEventListener('message', function(event) {
              var origin = event.origin; var data = event.data;
              if ((origin != null && (origin === 'null' || document.location.href.toLowerCase().indexOf(origin.toLowerCase()) === 0)) && data !== null && data.type === 'hsFormCallback' && data.id == '57d70dc2-fdae-4a95-864a-471335c8677b') {
                if (data.eventName === 'onFormReady') {
                  window.hsPopulateCommentFormOnFormReady({
                    successMessage: "Thanks for your comment",
                    target: "#hs_form_target_57d70dc2-fdae-4a95-864a-471335c8677b"
                  });
                } else if (data.eventName === 'onFormSubmitted') {
                  window.hsPopulateCommentFormOnFormSubmitted();
                }
              }
            });
        </script>
      

<!-- Start of HubSpot Analytics Code -->
<script type="text/javascript">
var _hsq = _hsq || [];
_hsq.push(["setContentType", "blog-post"]);
_hsq.push(["setCanonicalUrl", "https:\/\/blog.sonatype.com\/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices"]);
_hsq.push(["setPageId", "57962394675"]);
_hsq.push(["setContentMetadata", {
    "contentPageId": 57962394675,
    "legacyPageId": "57962394675",
    "contentFolderId": null,
    "contentGroupId": 3737438004,
    "abTestId": null,
    "languageVariantId": 57962394675,
    "languageCode": "en-us",
    
}]);
</script>

<script type="text/javascript" id="hs-script-loader" async defer src="/hs/scriptloader/1958393.js?businessUnitId=0"></script>
<!-- End of HubSpot Analytics Code -->


<script type="text/javascript">
var hsVars = {
    ticks: 1640291808154,
    page_id: 57962394675,
    
    content_group_id: 3737438004,
    portal_id: 1958393,
    app_hs_base_url: "https://app.hubspot.com",
    cp_hs_base_url: "https://cp.hubspot.com",
    language: "en-us",
    analytics_page_type: "blog-post",
    analytics_page_id: "57962394675",
    category_id: 3,
    folder_id: 0,
    is_hubspot_user: false
}
</script>


<script defer src="/hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js"></script>

<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TT8R4P" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->

<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

ga('create', 'UA-1693297-38', 'auto','sonatypeDemandbaseTracker02012017');
ga('sonatypeDemandbaseTracker02012017.send', 'pageview');

  ga('create', 'UA-1693297-29', 'auto','cdt');
  ga('cdt.send', 'pageview');
  
</script>
 
<script type="text/javascript" language="javascript"> 
      var sf14gv = 29592; 
      (function() { 
      var sf14g = document.createElement('script'); sf14g.type = 'text/javascript'; sf14g.async = true; 
      sf14g.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + 't.sf14g.com/sf14g.js'; 
      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(sf14g, s); 
      })(); 
</script>

<!-- Twitter universal website tag code -->
<script>
!function(e,n,u,a){e.twq||(a=e.twq=function(){a.exe?a.exe.apply(a,arguments):
a.queue.push(arguments);},a.version='1',a.queue=[],t=n.createElement(u),
t.async=!0,t.src='//static.ads-twitter.com/uwt.js',s=n.getElementsByTagName(u)[0],
s.parentNode.insertBefore(t,s))}(window,document,'script');
// Insert Twitter Pixel ID and Standard Event data below
twq('init','nv7ri');
twq('track','PageView');
</script>
<!-- End Twitter universal website tag code -->
<!-- Start DemandBase website tag code--> 
<script>
(function(d,b,a,s,e){var t=b.createElement(a),
 fs=b.getElementsByTagName(a)[0];t.async=1;t.id=e;t.src=s;
 fs.parentNode.insertBefore(t,fs);})
(window,document,'script','https://tag.demandbase.com/eUSOivES.min.js','demandbase_js_lib');
</script>
<!-- Start DemandBase website tag code -->


<script type="text/javascript">
_linkedin_data_partner_id = "39209";
</script><script type="text/javascript">
(function(){var s = document.getElementsByTagName("script")[0];
var b = document.createElement("script");
b.type = "text/javascript";b.async = true;
b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js";
s.parentNode.insertBefore(b, s);})();
</script>
<!-- Twitter universal website tag code -->
<script>
!function(e,t,n,s,u,a){e.twq||(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);
},s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='//static.ads-twitter.com/uwt.js',
a=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');
// Insert Twitter Pixel ID and Standard Event data below
twq('init','nv7ri');
twq('track','PageView');
</script>
<!-- End Twitter universal website tag code -->
<!-- Mobile Navigation Script -->
<script src="https://blog.sonatype.com/hs-fs/hub/1958393/hub_generated/template_assets/5296077409/1623972639539/ARCHIVES_NOT_IN_USE/NOT_IN_USE_CSS_JS_and_MISC/Sonatype-Main.js">
</script>

<div id="fb-root"></div>
 <script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = "//connect.facebook.net/en_US/all.js#xfbml=1&status=0";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
 <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
 


    
    <!-- Generated by the HubSpot Template Builder - template version 1.03 -->

</body></html>